Cyware Daily Threat Intelligence

Daily Threat Briefing • Feb 16, 2022
This website uses cookies and similar technologies to provide essential functionality and improve your experience. Some features, such as demo scheduling and chat support, require marketing cookies to function. By clicking "Accept All", you consent to all cookies. Alternatively, you can customize your preferences, but note that declining marketing cookies will limit certain website features.
Daily Threat Briefing • Feb 16, 2022
SquirrelWaffle, the newish malware loader in the threat landscape, is digging its claws into unpatched Microsoft Exchange servers for financial fraud. So, if your organization has not yet patched the ProxyLogon and ProxyShell flaws, this is something you have to deal with urgently. The tricky part of the campaign is that the attackers are using hijacked email threads and typo-squatted domains to add legitimacy to the email conversation.
The sneaky technique involving hijacked email threads was also a part of the latest attack campaign that distributed the Emotet trojan. The email included zip files, which when opened, caused the execution of Excel 4.0 macros. Meanwhile, the CISA has updated the ‘Known Exploited Vulnerabilities’ catalog by adding nine new flaws, one of them being a zero-day flaw affecting the Magento Open Source platform.
Top Breaches Reported in the Last 24 Hours
DDoS attacks on websites
A series of DDoS attacks knocked off several government and banking websites in Ukraine. This included the websites of the defense ministry, foreign and culture ministry, and the two largest state-owned banks - Privatbank and Sberbank. Meanwhile, the banks have managed to restore their operations and websites following the attacks.
ISOC exposes data
The Internet Society (ISOC) has inadvertently exposed the personal data of more than 80,000 members due to an unprotected Microsoft Azure cloud repository. The misconfigured repository contained millions of JSON files, including full names, email addresses, mailing addresses, and login details of members.
Top Malware Reported in the Last 24 Hours
SquirrelWaffle backdoor returns
SquirrelWaffle backdoor is targeting Microsoft Exchange servers vulnerable to ProxyLogon and ProxyShell vulnerabilities. While the malware initially targeted the servers to distribute Cobalt Strike beacons through hijacked email threads, researchers uncovered one email thread conversation that conducts financial fraud.
Emotet email attack campaign
A new phishing email attack campaign was found distributing the Emotet trojan. The campaign leveraged stolen email threads to bypass security systems. It included a zip file that resulted in the execution of Excel 4.0 macros.
Top Vulnerabilities Reported in the Last 24 Hours
High-risk vulnerability in Grafana
A high-impact web security vulnerability in Grafana can enable attackers to elevate their privileges to the administrator level. The cross-site request forgery vulnerability is tracked as CVE-2022-21703 and affects versions prior to 7.5.15 and 8.3.5.
Flawed Apache Cassandra fixed
A high-severity flaw in Apache Cassandra could be abused to gain remote code execution on affected installations. The flaw is tracked as CVE-2021-4451 and has a CVSS score of 8.4. The developers have fixed the vulnerability by upgrading to versions 3.0.26, 3.11.12, and 4.0.2.
CISA adds nine more flaws
The CISA has added a list of nine bugs to its Known Exploited Vulnerabilities catalog. Two of these are related to Chrome and Magento. The flaws are an improper input validation flaw in Adobe Commerce and a use-after-free vulnerability in Google Chrome.